If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

It makes a bloody big difference to the problem..
There are differences between Snort for Linux and Snort for Win.. for a start the Win version is a Port from the *nix..
Smoothwall V2 is an operating system based on Linux kernal 2.4.. It is not a windows application.. Giving a windows solution to a application running under linux is like solving a submarine problem with Automobile solutions.. you may accedently hit the solution.. but you may sink in the process..

Also as already stated.. The Version of Smoothwall is important.. as there were problems with Snort under the earlier Smoothwall V2 beta's.. and in some the patches didn't solve all the problems with all hardware combinations..
Just using a different chipset NIC may be the answer, or try V2 b7 of smoothwall..

And yes i am in a bad mood.. and like Badfalls_girl.. I do bite..

cheers

"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Undertaker: Now that's all cleared up...... ..... It's Nightfalls_Girl...... and she carries a big stick....

Heretic:

What if I wanted all traffic to flow through the outside computer normally

You mean you want the traffic to flow internet -> External NIC -> Internal NIC -> Internal Network? That would be an inline implementation and yes it would work. You just need to make sure you pick the right NIC to listen on. You'd have to set the box up as a router and I can't remember my level of success trying that with Win2k - Yeah M$ may say "you do it this way" but there are varying degrees of success with M$'s How to's..... <sigh>

You'd still need to be firewalled at some point too and I'm not sure if you could make a firewall work on the same box and have an effective install of snort. What I do with my snort boxes is I have a hub outside the firewall and a hub inside before the internal router. Then I can see _all_ inbound and outbound traffic and therefore have confirmation of the ACL's, (if port 8080 isn't allowed inbound and both snorts alert on a port 8080 proxy scan then my firewall is messed up.... Handy-dandy little piece of info to know.....

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides